[Unit]
Description=Lakehouse retention sweep — flag biometric + general PII subjects past their retention_until clock (BIPA + general retention compliance)
Documentation=file:///home/profit/lakehouse/docs/PHASE_1_6_BIPA_GATES.md
After=lakehouse.service

[Service]
Type=oneshot
User=root
Group=root
WorkingDirectory=/home/profit/lakehouse
# Use the release binary built alongside catalogd. retention_sweep
# deliberately does NOT auto-mutate state — it writes a date-stamped
# JSONL report to data/_catalog/subjects/_retention_sweep_<date>.jsonl
# (see crates/catalogd/src/bin/retention_sweep.rs). Operators run
# actual destruction via the destruction runbook + verify scripts.
#
# Without --apply the sweep is dry-run only; we want the persisted
# report so the audit trail captures every daily check.
ExecStart=/home/profit/lakehouse/target/release/retention_sweep \
    --storage-root /home/profit/lakehouse/data \
    --apply
StandardOutput=append:/var/log/lakehouse/retention_sweep.log
StandardError=append:/var/log/lakehouse/retention_sweep.log
# Bound the runtime — sweep over 100k subjects should complete in
# seconds; if it ever hits this we want a hard stop, not a runaway.
TimeoutStartSec=10min
# Guardrails. retention_sweep is read-mostly + writes one JSONL.
CPUQuota=100%
MemoryMax=2G
Nice=15

[Install]
WantedBy=multi-user.target